System for the internet connections, and server for routing connections to a client machine

ABSTRACT

The purpose of the present invention is to provide an Internet connection system which is capable of benefiting from the IPv6 by relatively easy means and in which manufacturers of client-side devices can create added values for users. IPv6 packets are transmitted by a tunneling connection between a home network and a server on the Internet. Also terminal devices present in the home network can be uniquely recognized and controlled from outside via the server. Since all communications are performed via the server on the Internet regardless of the carrier and the ISP, the terminal device and all connections to the terminal device can be freely configured and controlled by the owner or the manufacturer of the server on the Internet.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application claims priority under Article 4 of the ParisConvention (and corresponding stipulations of other countries) basedupon Japanese patent application No. 2002-348543, Japanese patentapplication No. 2003-161246 and Japanese patent application No.2003-345390. The entire disclosure of the aforesaid applications isincorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to a system and a server used in thesystem for realizing a network with the next generation IP, IPv6(Internet Protocol version 6), and providing a home IPv6 environmentwith services from the server in the current infrastructure environmentbroadly employing the IPv4 (Internet Protocol version 4).

BACKGROUND OF THE INVENTION

In a service delivery environment through Internet-centered publicnetworks, values of all information are generally located on a serverside rather than a client side.

Each client (terminal device) is basically a viewer, which browsesinformation on the Internet. Each client issues various requests toobtain information from the Internet, which in return sends backinformation for the client. It means that all information is collectedon the Internet, which offers formulaic informationsingle-directionally. For this reason, it is difficult for manufacturersof terminal devices to create added values for users.

In order to change this circumstance, the server-client relationshipmust be reversed by inverting the access direction. For a home networkconnected to the Internet, for example, an environment must be createdsuch that access from the Internet to the home network is initiated, andservices are provided by the home network to the Internet.

To achieve this, the internet network needs to be able to uniquelyidentify each device connected to the home network. Home routing andsecurity problems need also to be resolved. One of the technologies toaddress this issue is the IPv6 (Internet Protocol version 6).

However, in view of the circumstances regarding the current Japanesecarriers and Internet service providers, it can be surmised that aconsiderable amount of time will have to be expended until the IPv6becomes widely available. For example, it will take at least 2 to 3years for the currently available IPv4 to depreciate, and the IPv6service has just started on a test basis.

In order to achieve an IPv6-enabled network quickly, manufacturers willneed to expand their business to include ISP level services, which isvery costly and unrealistic.

Furthermore, home network environments vary tremendously with theirconnection mechanisms varying very widely depending on their carriersand ISP's. Therefore, a new, standardized approach is needed to realizethe IPv6 environment by taking into account all these variations.

In view of the above situation, the purpose of the present invention isto provide an Internet connection system which is capable of benefitingfrom the IPv6 by relatively easy means and in which manufacturers ofclient devices can create added values for users.

SUMMARY OF THE INVENTION

In order to achieve the above object, according to a first principalaspect of the present invention, there is provided an Internetconnection system, comprising: a relay device connected to a clientdevice and provided in a first network, the first network communicatedin a first protocol; and a server connected to the relay device througha second network in a second protocol, wherein the relay devicecomprises: a client device global address storage section for storing aglobal address of the client device in the first protocol; a serveraddress storage section for storing a global address of the server inthe second protocol; a first routing device for routing a connectionfrom the client device through the server based on the global address ofthe server stored in the server address storage section; and a firstpacket processing device for capsulating/decapsulating packets, thepackets in the first protocol, using the second protocol to therebyestablish a tunneling connection with the server in the first protocol,and wherein the server comprises: a second packet processing device forcapsulating/decapsulating packets, the packets in the first protocol,using the second protocol to thereby establish a tunneling connectionwith the relay device; a client device global address management devicefor managing the global address of the client device in the firstprotocol, the client device connected to the relay device, inassociation with a global address of the relay device in the secondprotocol; and a second routing device for routing a connection to therelay device based on the global address of the client device managed bythe client device global address management device.

According to such a structure, IPv6 packets are transmitted by atunneling connection between a home network and a server on theInternet. Also terminal (client) devices present in the home network canbe uniquely recognized and controlled from outside via the server. Sinceall communications are performed via the server on the Internetregardless of the carrier and the ISP, the terminal device and allconnections to the terminal device can be freely configured andcontrolled by the owner or the manufacturer of the server on theInternet.

This means that all problems related to conventional in-home routing,security and individual identification of an IPv6 device where IPv6 andIPv4 coexist can be solved, and extremely open and yet closed networkscan be realized.

In this case, the first and second protocols may be different or thesame. In the most preferred embodiment, however, the first protocol isIPv6 and the second protocol is IPv4.

According to one embodiment of the present invention, the server furthercomprises a model identification section for determining if the clientdevice is of a predetermined model and/or the relay device is of apredetermined model. In this case, the server preferably furthercomprises a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifthe model identification section determines that the client device orthe relay device is not of the predetermined model. Additionally, theserver may further comprise a command conversion section for convertinga command to be sent to the client device to a command in apredetermined format to control the client device based on results fromthe model identification section. Moreover, the server preferablyfurther comprises a client device control section for controlling theclient device based on results from the model identification section.

According to another embodiment, the server further comprises a networktype identification section for determining if an environment of thefirst network connected with the client device and/or the relay deviceis of a predetermined type. In this case, the server preferably furthercomprises a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifa private network environment connected with the client device or therelay device is determined not of the predetermined type. In this case,the server preferably further comprises a state information obtainingsection for obtaining at least one of an operation state, a usage stateand location information of the client device and/or the relay device;and this state information obtaining section preferably obtains at leastone of the operation state, the usage state and location information ofthe client device using a method according to a model of the clientdevice.

According to yet another embodiment, the server comprises a searchsection for searching for the client device or the relay device based onat least one of the global address, the operation state, the usage stateand the location information of the client device or the relay device.In this case, the search section preferably comprises a means fordisplaying a list of the client devices connected to each relay device.In this case, the server preferably further comprises a client devicecontrol section for controlling the client device, wherein the clientdevice control section preferably selects a specific client device fromthe list to thereby activate a control program for the specific clientdevice.

According to yet another embodiment, the server further comprises aclient device address search section for searching for the globaladdress of the client device in the first protocol based on a connectionrequest to the client device. In this case, the server preferablyfurther comprises a connection requester authentication section forauthenticating a user who requested a connection to the client device tothereby permit or deny the connection to the client device.

According to yet another embodiment, the internet connection systemfurther comprises a tunneling connection information management devicefor managing information of the tunneling connection between the relaydevice and the server, wherein the tunneling connection informationmanagement device notifies the relay device of the global address of theserver in the second protocol, and notifies the server the globaladdress of the relay device in the second protocol and an entirety orpart of the global address of the client device in the first protocol.In this case, the tunneling connection information management devicepreferably authenticates the relay device or the server and, if theauthentication result is positive, performs the notification as above.

According to yet another embodiment, the server further comprises afiltering processing device for filtering communications to/from theclient device according to predetermined rules. Preferably in this case,the server further comprises a filtering rule setup section forproviding an interface for editing the predetermined rules.

According to yet another embodiment, the relay device further comprisesa model identification section for determining if the client device isof a predetermined model. In this case, the relay device preferablyfurther comprises a communication session disconnection section fordisconnecting communication sessions if the model identification sectiondetermines that the client device is not of the predetermined model.

According to a second principal aspect of the present invention, thereis provided a relay device, used in an Internet connection system whichcomprises: the relay device connected to a client device and provided ina first network, the first network communicated in a first protocol; anda server connected to the relay device through a second network in asecond protocol, comprising: a client device global address storagesection for storing a global address of the client device in the firstprotocol; a server address storage section for storing a global addressof the server in the second protocol; a first routing device for routinga connection from the client device through the server based on theglobal address of the server stored in the server address storagesection; and a first packet processing device forcapsulating/decapsulating packets, the packets in the first protocol,using the second protocol to thereby establish a tunneling connectionwith the server in the first protocol.

According to a third principal aspect of the present invention, there isprovided a server, used in an Internet connection system whichcomprises: a relay device connected to a client device and provided in afirst network, the first network communicated in a first protocol; andthe server connected to the relay device through a second network in asecond protocol, comprising: a second packet processing device forcapsulating/decapsulating packets, the packets in the first protocol,using the second protocol to thereby establish a tunneling connectionwith the relay device; a client device global address management devicefor managing a global address of the client device in the firstprotocol, the client device connected to the relay device, inassociation with a global address of the relay device in the secondprotocol; and a second routing device for routing a connection to therelay device based on the global address of the client device managed bythe client device global address management device.

According to a forth principal aspect of the present invention, there isprovided a server, used in an Internet connection system whichcomprises: a relay device provided in a first network; and the serverconnected to a client device through the relay device and the Internet,the client device connected to the first network, comprising: a clientdevice address management device for managing an address of the clientdevice connected to the relay device in association with an address ofthe relay device; a routing device for routing a connection, theconnection from the Internet to the client device, to the relay deviceconnected to the client device based on the address of the client devicemanaged at the client device address management device; a modelidentification section for determining if the client device is of apredetermined model and/or the relay device is of a predetermined model;and a command conversion section for converting a command to be sent tothe client device to a command in a predetermined format to control theclient device based on results from the model identification section.

According to such a structure, the model of a terminal device present inthe home network can be uniquely recognized from outside via the server.Then the terminal device can be controlled according to its model. Sinceall communications are performed via the server on the Internetregardless of the carrier and the ISP, the terminal device and allconnections to the terminal device can be freely configured andcontrolled by the owner or the manufacturer of the server on theInternet.

According to one embodiment of the present invention, the server furthercomprises a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifthe model identification section determines that the client device orthe relay device is not of the predetermined models.

Additionally, according to another embodiment of the present invention,the client device includes a peripheral device which is communicablewith the relay device but cannot by itself connect to the Internet.

According to yet another embodiment, the server further comprises anetwork type identification section for determining if an environment ofthe first network connected with the client device and/or the relaydevice is of a predetermined type. In this case, the server preferablyfurther comprises a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifa private network environment connected with the client device or therelay device is determined not of the predetermined type.

According to yet another embodiment of the present invention, the serverfurther comprises a state information obtaining section for obtaining atleast one of an operation state, a usage state and location informationof the client device and/or the relay device. In this case, the stateinformation obtaining section obtains at least one of the operationstate, the usage state and the location information of the client deviceusing a method according to a model of the client device. Also, theserver further comprises a client device control section for controllingthe client device, and this client device control section has a meansfor displaying to a user at least one of the operation state, the usagestate and the location information of the client device.

The server further comprises a search section for searching for theclient device or the relay device based on at least one of the address,the operation state, the usage state and the location information of theclient device or the relay device. This search section comprises a meansfor displaying a list of client devices found by the search section,each with the operation state. The means also displays a list of clientdevices connected to each relay device. Moreover, the server furthercomprises a client device control section for controlling the clientdevice, wherein the client device control section preferably selects aspecific client device from the list to thereby activate a controlprogram for the specific client device.

According to yet another embodiment, the relay device is provided in theclient device.

According to yet another embodiment, the server further comprises asecond packet processing device for capsulating/decapsulating packets,the packets in a first protocol, using a second protocol to therebyestablish a tunneling connection with the relay device; a client deviceglobal address management device for managing a global address of theclient device in the first protocol, the client device connected to therelay device, in association with a global address of the relay devicein the second protocol; and a second routing device for routing aconnection to the relay device based on the global address of the clientdevice managed by the client device global address management device.The first and second protocols may be different or the same.

The server preferable further comprises a client device address searchsection for searching for the global address of the client device in thefirst protocol based on a connection request to the client device.Preferably in this case, the server further comprises a connectionrequester authentication section for authenticating a user who requesteda connection to the client device to thereby permit or deny theconnection to the client device.

The server further comprises a tunneling connection informationmanagement device for managing information of the tunneling connectionbetween the relay device and the server, wherein this tunnelingconnection information management device notifies the relay device ofthe global address of the server in the second protocol, and obtains theglobal address of the relay device in the second protocol and anentirety or part of the global address of the client device in the firstprotocol. In this case, the tunneling connection information managementdevice preferably authenticates the relay device and, if theauthentication result is positive, performs the notification as above.

According to yet another embodiment, the server further comprises afiltering processing device for filtering communications to/from theclient device according to predetermined rules. Preferably in this case,the server further comprises a filtering rule setup section forproviding an interface for editing the predetermined rules.

According to the server employed in the Internet connection system ofthe present invention, it is possible to provide an Internet connectionsystem which is capable of benefiting from the IPv6 by relatively easymeans and in which manufacturers of client devices can create addedvalues for users.

Other characteristics and marked effects of the present invention willbecome apparent to those skilled in the art upon referring toexplanations of the following DETAILED DESCRIPTION OF THE PREFERREDEMBODIMENTS when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing an example of network structure according toone embodiment of the present invention;

FIG. 2 is a schematic structural view showing an example of an InterBOXaccording to one embodiment of the present invention;

FIG. 3 is a schematic structural view showing an example of anInterServer according to one embodiment of the present invention;

FIG. 4 is a diagram showing a schematic structure of a filter section;

FIG. 5 is a flowchart showing processing at the filter section;

FIG. 6 is a diagram showing a schematic structure of an IPv6 terminalsearch section;

FIG. 7 is a diagram showing an example of a search screen;

FIG. 8 is a diagram showing an example of a list display of searchresults for the InterBOX;

FIG. 9 is a diagram showing a control concept of an IPv6 terminalcontrol section;

FIG. 10 is a function diagram showing a communication example in thepresent embodiment;

FIG. 11 is a function diagram showing another communication example inthe present embodiment;

FIG. 12 is a diagram showing a setup example of the InterBOX or an IPv6terminal; and

FIG. 13 is a diagram showing a tunneling connection example between theInterBOX and the InterServer.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Embodiments of the present invention are described below with referenceto the accompanying drawings.

FIG. 1 is a diagram showing an example of a network structure accordingto one embodiment of the present invention.

Indicated with a reference numeral 1 in this figure is an IPv6 homenetwork connected to various types of client IPv6 terminals 2(hereafter, each referred to as an “IPv6 terminal”) communicating usingIPv6 (a first communication protocol). The IPv6 home network 1 is, forexample, structured using a LAN implemented in each home.

The IPv6 home network 1 is connected to an IPv4 Internet network 4 viaan InterBOX 3 (a “relay device” of the present invention) and acommunication carrier/ISP. In the IPv4 Internet network 4,communications are performed using IPv4 (a second communicationprotocol), which is widely used unlike the above IPv6.

Connected to the IPv4 Internet network 4 is an InterServer 6 (a serveraccording to the present invention) for controlling communications ofthe IPv6 terminal 2 on the IPv6 home network 1. As described in greaterdetail herein below, the InterServer 6 in this figure has brokerfunctions for connecting the IPv6 terminal 2 to IPv6 terminals 2 a andan IPv6 server 7 on another IPv6 home network 1 a, to IPv6 terminals 2 bon yet another IPv6 home network 1 b, and to other devices on the IPv4internet network 4.

Here, the InterBOX 3 and the InterServer 6 are intended to be producedby the same manufacturer or under a unified standard, and are designedto interface with each other. Stored in the InterBox 3 is a globaladdress of the InterServer 6 with IPv4 so that the InterBox 3 can bealways routed and connected to the InterServer 6 regardless of thecarrier or ISP. Additionally the IPv6 terminal 2 connected to the IPv6home network 1 is also intended to be produced by the same manufactureras that of the InterBox 3 or under a unified standard, and configured sothat a type (model) or the like of the IPv6 terminal 2 is identifiableon the InterServer 6 based on, for example, an IPv6 global addressassigned to the IPv6 terminal 2.

There are various possible techniques for assigning an IPv6 globaladdress to the IPv6 terminal 2. An IPv6 global address is 128-bitstructured, comprising a “prefix” section configured in the first halfwhich is assigned from the NIC or ISP, and an “interface ID” sectionconfigured in the second half which can be uniquely generated by a user.A prefix assigned to the manufacturer may be used in combination with aninterface ID generated based on a MAC address specific to the terminal.Also, an IPv6 terminal 2 factory default may be used. Further, theaddress may be automatically generated via a connection to the InterBOX3, by using an IPv6 address prefix of the InterBOX 3 and the IPv6terminal's MAC address. Note that the IPv6 terminal 2 may be aconventional home appliance such as a VCR or a TV, which by itselfcannot connect to the Internet. In this case, the InterBOX may beprovided with an predetermined interface (IEEE1394) communicable withthese home appliances, and a virtual IP address may be assigned to eachhome appliance as an ID (unique ID).

FIG. 2 is a schematic structural view showing the InterBOX 3.

The InterBOX 3 has an InterServer address storage section 10 for storinga global address of the InterServer 6 with IPv4; a tunneling sessionestablishing section 11 for establishing a tunneling connection with theInterServer 6 based on the InterServer 6's address; a capsulatingprocessing section 12 for capsulating/decapsulating IPv6 packets usingIPv4 and performing tunneling transmissions with the InterServer 6; arouting processing section 13 for routing the decapsulated packets fromthe InterServer 6 to a desired IPv6 terminal 2; and a packettransmission section 14 for transmitting the packets. Also the InterBOX3 is provided with a prefix storage section 15 (an address generationsection) for generating an address for the IPv6 terminal 2 using theprefix assigned to the InterBOX 3.

According to such a structure, packets to or from the IPv6 terminal 2can be transmitted through a tunnel established with IPv4 between theInterServer 6 and the InterBOX 3.

FIG. 3 is a schematic structural view showing the InterServer 6.

The InterServer 6 has an address storage section 16 for associating andstoring a global address of the InterBOX 3 with IPv4 (an InterBOX IPv4address 16 a) and a global address of the client device with IPv6 (aclient device IPv6 address 16 b); a tunneling session establishingsection 17 for establishing a tunneling connection with the InterBOX 3based on the address of the InterBOX 3; a capsulating processing section18 for capsulating/decapsulating IPv6 packets with IPv4 to therebyenable communications with the IPv6 terminal 2; and a routing section 19for routing communications between the IPv6 terminal 2 and otherterminals and servers. In addition, the InterServer 6 has an IPv6terminal model identification section 21 for determining the model ofthe IPv6 terminal 2 based on the IPv6 address of the IPv6 terminal 2; acommand setup section 22 for converting a command to be sent to the IPv6terminal 2 to a predetermined command and setting it based on the resultfrom the IPv6 terminal model identification section 21; a filter section23 for filtering the tunnel-transmitted IPv4 packets using predeterminedrules; and a communication session disconnection section 24 fordisconnecting communication sessions in predetermined cases. Packettransmissions are performed by a transmission processing section 25.

Further, the InterServer 6 is connected to a user management server 30.As discussed in detail later, the user management server 30 manages userinformation for each InterBOX 3 and IPv6 terminal 2, and has a userinformation management DB 31 for storing the member information of eachuser, such as an ID, a password, and billing information, as well as theIPv6 prefix, model information, and so on.

Furthermore, the InterServer 6 has a Web server 32, which is open topublic on the IPv4 Internet network, and receives requests from a userof the InterBOX 3 or the IPv6 terminal 2 to allow the user to configurevarious settings. For example, at least some of filtering rules appliedat the filter section 23 may be changed by the user via the Web server32. Note that this Web server 32 may be accessed through the InterBOX 3and the InterServer 6 or through the IPv4 Internet network 4.

As shown in FIG. 4, the filter section 23 has a filtering rule storagesection 33 and a filtering rule setup section 34. The filtering rulestorage section 33 and the filtering rule setup section 34 are connectedto the Web server 32, which is installed with an interface generationsection 35 for interacting with the InterServer, as shown in FIG. 3. Auser connected to the Web server 32 can enter or change the filteringrules by displaying on the user's terminal an interface generated by theinterface generation section 35. Possible filtering rules which may beconfigured here include, for example, ones related to security.

Purposes of the security filtering rules are possibly to: (1) deny allaccess attempts to the home network from outside; (2) deny all accessattempts to the home network from outside except from pre-acceptedservers (Web sites) and networks; and (3) allow access to the homenetwork from outside without restriction. Thus, the filtering method mayallow only specific ports or may deny all access attempts.

Additionally, access from the home network 1 to outside may berestricted, for example, to prevent children from accessing harmfulcontents and to generally prevent users from accessing fraudulent Websites.

These filtering rules may be configured after ID and passwordauthentication by a user authentication section 36, which is provided inthe Web server 32 and connectable to the user management server 30, asshown in FIG. 3.

The filtering rule setup section 34, which configures the filteringrules based on the user entry as described above, also has a function togenerate the filtering rules automatically based on the memberinformation (such as billing and terminal model information) stored inthe user management server 30 without using the user entry. For example,the filtering rules may be configured as a gateway to, for example,allow no connections or allow access only to specific servers dependingon the user's attributes and membership dues payment status.

These filtering rules as a gateway may be used to control vendors whichprovide a fee-based business via the InterServer 6. For example, theInterServer 6 may be provided with a proxy server 38, as shown in FIG.3, for storing addresses a user accesses in a user access information DB39 and managing them to thereby allow the user to connect only to thoseaddresses preset in the filtering rule setup section 34. In this case,it is preferred to implement a function to recognize which services theuser uses and terms of each service contract in addition to the user IDand password in the user information management DB 31, and controltransactions according to the terms. For specific vendors, only samples,but not the true screens, may be displayed to users who have notcompleted a registration procedure.

FIG. 5 is a flowchart showing processing at the filter section 23.First, when a tunneling session is started, the filter section 23configures the filtering rules based on the member information receivedfrom the user management server 30 (step S1). Next it receivesinformation of the destination to which the user requested a connection(for example, a Web site address) from the proxy server 38 (step S2).Then the filter section 23 applies the filtering rules to the connectiondestination information, determines whether or not the access should bepermitted (step S3), and disconnects the communication session throughthe communication session disconnection section 24 if the connection isnot permitted (step S4). If the connection is permitted, the filtersection 23 determines if the session is still valid (step S5). If so,the processing of the steps S2-S5 is repeated. If the session is nolonger valid, the processing is terminated.

Also the proxy server 38 may measure the data communication traffic sothat it can deny access from users who have not paid their bills. Inthis case, the vendor may be informed of the ID's, but not the passwordsor IP addresses of those users. Thus, the user should simply manage apair of ID and password for the InterServer 6. It is appropriate tocheck the ID as a key each time for system consistency since the IPaddress may be changed for the user's convenience or other reasons andsince there may be a risk of data obtained at the vendor side being usedfor a malicious access.

Implementation of the filtering rules and disconnection and connectionof communication sessions based on these rules are performed by thecommunication session disconnection section 24. Incidentally, filteringmethods, gateway methods, and other methods using the configuredfiltering rules are publicly known and therefore omitted herein.

The InterServer 6 has an IPv6 terminal search section 26 (FIG. 3) forproviding users who do not know the address of the IPv6 terminal 2 withan ability to find the IPv6 terminal 2. The IPv6 terminal search section26 searches for and identifies a desired IPv6 terminal 2 based onuser-specified information, for example, the operation state of the IPv6terminal 2 and the network.

To do this, as shown in FIG. 6, the IPv6 terminal search section 26 hasa state information receiving section 40 for receiving state informationsuch as the operation state of the network and the IPv6 terminal 2 whichis connected to the IPv6 home network 1 and the InterBOX 3; a stateinformation accumulation section 41 for storing the received stateinformation in association with the IP addresses of the IPv6 terminal 2and the InterBOX 3; and an IPv6 terminal control section 42.

The state information receiving section 40 receives state information ofeach IPv6 terminal 2 for each prefix or domain (the IPv6 network or theInterBOX 3) which houses the IPv6 terminal 2. The state informationreceiving section 40 may receive the state information by querying thestate for the respective prefix or domain either at predeterminedintervals or on receipt of a reference request for each prefix ordomain. In the former method, for example, a power ON/OFF state of eachIPv6 terminal 2 is queried every minute for the corresponding InterBOXregistered in the InterBOX IPv4 address 16 a.

The state information accumulation section 41 stores the stateinformation of each IPv6 terminal 2 in association with the IPv6terminal 2 and the InterBOX 3. In this case, the obtained stateinformation includes at least one of an operation state, a usage state,location information, property information, information maintained at anode (the InterBOX 3 or the IPv6 terminal 2), and information useful foridentifying the node.

The operation information includes at least one of a power state, anetwork connection state and a communication state. The usage stateincludes at least one of user information, operation time informationand load information. The location information includes at least one ofa geographical location, coordinate information, a zip code, a roomnumber and the like. The property information includes at least one of atype, functions, a shape, colors, device information, softwareinformation and administrator information of the node.

Additionally the model determined by the IPv6 terminal modelidentification section 21 is individually stored as state information.The state information receiving section 40 identifies informationobtainable from the IPv6 terminal 2 based on the model information, andobtains required information in a format appropriate for the obtainableinformation.

The IPv6 terminal search section 26 is provided with a connectionrequest authentication section 27 for connecting to the user managementserver 30 to authenticate the user performing the search or issuing theconnection request, and permit the search or the connection request. Inthe case of a user's home network (with the InterBOX 3), for example,only specific users permitted to connect to this home network areallowed to search and connect. If the connection request authenticationsection 27 gives a positive result, the IPv6 terminal search section 26accesses the state information accumulation section 41 and the addressstorage section 16, and searches for the address of a desired IPv6terminal 2 (and identifies the InterBOX 3).

When a user searches for the InterBOX 3 of the user's own home networkfrom outside using a personal computer, for example, the search resultsmay be displayed as a list of all IPv6 terminals 2, as well as theirstates, which are connected to the InterBOX 3. FIG. 7 is an example of asearch screen and FIG. 8 is an example of a list display of searchresults for the InterBOX. In the example of a search interface shown inFIG. 7, there are provided an entry field 43 for searching for theInterBOX 3 and an entry field 44 for searching for the IPv6 terminal 2,and the search interface is programmed to enable searching from eitherone of them.

In the example of a search result list display shown in FIG. 8, all IPv6terminals 2 connected to the InterBOX 3 are listed together withrespective owner, state, type and model information. Further by pressingan operation screen display button indicated with 45 in the figure, theIPv6 terminal control section 42 is activated and an operation screen(not shown) is displayed according to the type and model of the IPv6terminal 2.

FIG. 9 is a conceptual diagram of a control by the IPv6 terminal controlsection 42.

First, the IPv6 terminal 2 notifies its operation state in response to arequest from the state information receiving section 40 (step S11) whilethe InterBOX 3 is connected to the InterServer 6 through a tunnelingsession. At this point, it may be configured so that the operation statecannot be obtained unless the IPv6 terminal 2 logs in the IPv6 terminalcontrol section 42. The obtained operation state is accumulated andupdated in the state information accumulation section 41 on a regularbasis (step S12).

Next, the user of the IPv6 terminal 2 logs in from outside using his IDand password, and identifies a terminal to control from the list asdescribed above to activate the IPv6 terminal control section 42 (stepS13). The IPv6 terminal control section 42 processes all instructions onthe server side and sends appropriate commands to the terminal device tocontrol it.

Also the user may select a terminal name from the list to therebyconnect to the selected IPv6 terminal via routing. Further, the user mayenter a specific state as a search condition and, if a terminal withthat condition is found, may connect to the terminal directly. Note thatthe connection to the terminal is made after a tunneling connection isestablished even when the user searches for the terminal from outside ofthe home network via the Web server without using the tunnelingconnection through the InterServer 6.

Here, the “tunneling” refers to technologies for connecting IPv6networks (router) through an IPv4 network, and more specifically refersto technologies for transmitting IPv6 packets by capsulating the IPv6packets with IPv4 between specific routers.

In practice, the components 10-42 of the InterBOX 3 and InterServer 6are configured by use of hard disks in a computer system and computersoftware programs installed in those areas, as well as a CPU, a RAM, andperipheral equipment such as other input and output devices forcontrolling the hard disks to read the programs.

Additionally the InterBOX 3 preferably comprises one computer systemwhich includes each IPv6 terminal 2, whereas the InterServer 6preferably comprises a plurality of computer systems which are connectedto one another for load sharing. For example, the IPv6 terminal searchsection 26 for managing the states of the InterBOX 3, the IPv6 terminal2 and the home network preferably is configured in a server with adedicated transmission interface and a control section. This is becauseload sharing may be needed to address an immense number of predictedsessions managing ON/OFF and other states of each device. Also when oneInterServer 6 processes InterBOX'es and IPv6 terminals from differentmanufacturers, there may be provided a plurality of the capsulatingprocessing sections 18, command setup sections 22, filter sections 23and the like.

Hereinafter, operations of the InterBOX 3 and InterServer 6 aredescribed in accordance with communication examples shown in FIG. 10 andlater figures.

FIG. 10 shows communications between an IPv6 terminal 2 of the IPv6 homenetwork 1 connected to the InterBOX 3, and an IPv6 server 7 connected tothe InterServer 6 directly or via the IPv6 home network 1 a.

The present example shown in FIG. 10 is based on the assumption that theInterBOX IPv4 address 16 a and the client device (IPv6 terminal 2) IPv6address 16 b are pre-stored in the InterServer 6. Accordingly, the IPv6terminal 2 needs to notify the InterServer 6 of the IPv6 terminal's ownIPv6 address in advance, for example, via the InterBOX 3 or other means.This operation may be achieved by, for example, a user connecting theIPv6 terminal 2 to the IPv6 home network 1 with a plug-and-play featureto thereby automatically establish a tunneling connection between theInterBOX 3 and the InterServer 6. Upon learning the IPv6 address of theIPv6 terminal 2, or part of the IPv6 address (an IPv6 address prefix ofthe InterServer), the InterServer 6 makes an announcement (broadcast) toother ISP routers in order for routing to the IPv6 address to go throughthis InterServer 6.

Note that if the IPv6 address of the IPv6 terminal 2 depends on a prefixassigned to the InterBOX 3, only the IPv6 prefix of the InterBOX 3,which constitutes part of the address, may be stored as the clientdevice (IPv6 terminal 2) IPv6 address 16 b in the InterServer 6. In thiscase, the InterServer 6 makes an announcement to other ISP routers ofrouting information of its prefix.

Under the conditions where the above processing and configurations (fora tunneling connection) are already implemented, if a request is issuedfor a connection from the IPv6 server 7 to the IPv6 terminal 2, theconnection from the IPv6 server 7 is routed to the InterServer 6. TheInterServer 6 determines the IPv4 address of the InterBOX 3 from theIPv6 address of the IPv6 terminal 2, and establishes a communicationsession with the InterBOX 3 within the tunneling connection via thetunneling session establishing sections 17 and 11.

Once a tunneling communication session is established, packets to theIPv6 terminal 2 are transmitted after being capsulated in IPv4 packetsfor the InterBOX 3 by the capsulating processing section 18. In theInterBOX 3, the capsulating processing section 12 decapsulates thosepackets while the routing processing section 13 processes routing to theIPv6 terminal 2 based on its address included in the packets. Thus aconnection to the IPv6 terminal 2 in an IPv6 home network at home, forexample, may be activated by an external IPv6 server 7.

If the IPv6 terminal 2 is, for example, a home security camera, thiscamera may be activated and controlled even when the home owner isoutside of home through the InterServer 6 and the InterBOX 3 byconnecting the home owner's PDA and the like to a nearest IPv6 network.

Also in this example, the IPv6 terminal model identification section 21,the command setup section 22, and the filter section 23 provided in theInterServer 6 function according to the model of the IPv6 terminal 2.

The IPv6 terminal model identification section 21 is configured todetermine the model of the IPv6 terminal 2 and a network environmentbased on, for example, the IPv6 address of the IPv6 terminal (addressitself or information associated with the address). In this example, theIPv6 terminal 2 and the InterServer 6 are assumed to be produced by thesame manufacturer or under a unified standard, wherein the model of theterminal or the network environment may be easily determined from theIPv6 address assigned to (or generated for) the IPv6 terminal 2 bypresetting a certain set of rules to the IPv6 address. In this case, themanufacturer and the model are determined based on the prefix sectionand the MAC address section within the IPv6 address.

When a special command is required to manage the IPv6 terminal 2, thecommand setup section 22 converts a command included in thecommunication from the IPv6 server 7 to a command specific to the model.For example, commands may be generated from a message described in theHTML language. Alternatively, an instruction from one IPv6 server 7 maybe converted to commands for a plurality of IPv6 terminals 2.

Moreover, the filter section 23 has a function to filter IPv6 packetspassing through the InterServer 6 based on predetermined rules. Thesefiltering rules may be predetermined, for example, at a connectiondestination IPv6 terminal 2 or each network. The communication sessiondisconnection section 24 is configured to disconnect communicationsessions if the IPv6 terminal model identification section 21 does notrecognize models or network environments as predetermined, or if thefilter section 23 returns a negative result. In addition, if aconnection destination IPv6 terminal cannot be connected due to itspower OFF state and the like, and if there are any alternative IPv6devices connected to the same InterBOX, communication sessions may stillbe routed to those other IPv6 terminals based on their model or typeinformation.

FIG. 11 is an example of a connection via the InterServer 6 between IPv6home networks which have InterBOX'es 3 and 3′, respectively. IPv6terminals A and B are connected to the IPv6 home networks, respectively,and communications between these two IPv6 terminals A and B aredescribed below.

Again in this case, the InterServer 6 stores an entirety or part of theaddresses of the IPv6 terminals A and B in association with therespective IPv4 addresses of the InterBOX'es 3 and 3′.

When a connection from one IPv6 terminal A to the other IPv6 terminal Bis requested, first a communication session within the tunnel connectionis established between the InterBOX A of the IPv6 terminal A and theInterServer 6. Next the InterBOX B is identified based on the address ofthe IPv6 terminal B included in the packets, to thereby establish atunneling communication session between the InterServer 6 and theInterBOX B. Then the InterBOX B performs an intra-network routing basedon the IPv6 address of the IPv6 terminal B included in the packets.

In this way, the two IPv6 terminals may communicate with each other withIPv6 through the InterServer 6.

In the above case, the address of the connection destination IPv6terminal may be unknown when communications between the two IPv6terminals are desired. In this situation, the user who is originatingthis connection accesses the InterServer 6 and activates the IPv6terminal search section 26. During this time, for security reasons, theconnection request authentication section 27 authenticates this user anddetermines if the connection request is legitimate to permit searchesfor the connection destination IPv6 terminal and its user. If thedesired IPv6 terminal was successfully identified, a tunnelcommunication session is established based on the IPv6 address of thedesired IPv6 terminal.

According to the above structure, all communications related to the IPv6terminal 2 are performed through the InterServer 6 regardless of theircarriers and ISP's, enabling an owner of the InterServer 6 to freelyconfigure and control the IPv6 terminal 2 and the server 7 on his homeor workplace network. Thus all problems related to conventional in-homerouting, security and individual identification of the IPv6 device whereIPv6 and IPv4 coexist can be solved, and extremely open and yet closednetworks can be realized.

Normally the owner of the InterServer 6 is assumed to be a manufacturerof the IPv6 terminal 2. Therefore, this manufacturer may create addedvalues for users, utilizing the Internet by preparing its own IPv6device lineup compatible with the InterServer 6.

Next sign-up of the IPv6 terminal 2 is described below in accordancewith FIG. 12.

In the above description, the IPv6 address of the IPv6 terminal 2 isreceived from the InterBOX 3. In practice, however, there are variousother possible methods. Also the manufacturer and/or the owner of theInterServer 6 may be interested in obtaining information on the owner(user) of the IPv6 terminal 2. Furthernore, the address of the IPv6terminal 2 may in some case be: a factory default fixed IPx6 addresswritten into the RAM of the IPv6 terminal 2; or determined according tothe IPv6 prefix of a connecting InterBOX 3.

Therefore in the present embodiment, as shown in FIG. 12, the user ofthe IPv6 terminal 2 or the InterBOX 3 should first connect to the usermanagement server 30 to perform a user registration. The userregistration may be done by using the IPv6 terminal 2 through theInterBOX 3, or using IPv4-communication-enabled equipment such as anexisting personal computer or the like. In this embodiment, described isthe case wherein the IPv6 terminal 2 and the InterBOX 3 are used. Alsoin the following, described is the case wherein the IPv6 address of theIPv6 terminal 2 is generated as a combination of an IPv6 address prefixassigned to the InterBOX 3 and a MAC address of the IPv6 terminal 2.

When the user first connects the IPv6 terminal to the InterBOX 3, theInterBOX 3 connects to the user management server 30 via theISP/carrier. Accordingly, information required for a tunnelingconnection from the InterBOX 3 to the InterServer 6 and the IPv6 prefixare passed to the user management server 30. The user also passes, tothe user management server 30 through the InterBOX 3, information aboutthe user, the InterBOX 3, or the IPv6 terminal 2; information regardingthe IPv6 terminal 2 model and the network 1; and information requiredfor billing and the like. In the present example, the InterBOX 3 or eachuser is issued with an ID and a password, in association with whichinformation of the InterBOX 3 or each user is registered in the userinformation management DB 31. Note that information required for theregistration is not limited to the above and that the above and otherinformation may not be required if the password and billing informationare unnecessary.

Also, the IPv6 address prefix of the InterBOX 3 may be assigned andstored in the InterBOX 3 during manufacture, for example, or may benotified of from the server for the first time upon the userregistration in the above manner. In the latter case, in order toperform the user registration on the Internet via no InterBOX 3 but anexisting personal computer or the like, the IPv6 prefix, the ID, and thepassword are manually configured into the InterBOX 3. After thecompletion of such a user registration, information required for theconnection is stored in the InterBOX 3 and the IPv6 terminal 2 as well.In this case, the IPv6 terminal model identification section 26 providedin the InterServer 6 may be configured to determine the model based oninformation registered by the user.

The above-described user management server 30 may be connected to theInterServer 6 or may be independently provided on the Internet.

FIG. 13 shows an embodiment of a specific method for establishing atunneling connection and a communication session within the tunnelingconnection. Each of the reference numerals/symbols S21-S27 in thisfigure corresponds to each of the following steps S21-S27.

In this embodiment, the InterBOX 3 stores the IPv4 address of theInterServer 6 therein: this address may be stored in the RAM by themanufacturer as a factory default, or may be received from anotherserver and the like upon an actual tunneling connection. The former maybe employed if there is a single InterServer 6, and the latter may bemore efficient if there are a plurality of InterServers 6.

The diagram in FIG. 13 is an example of the latter, and a tunnel broker52 is provided accordingly. The tunnel broker 52 is configured so thatthe user information management DB 31 is called for reference. Thetunnel broker 52 is also connected to an address database 53 for storingthe IPv4 addresses of the InterServer 6 and the InterBOX 3. In addition,the InterBOX 3 is preset with an IPv4 global address of the tunnelbroker 52. The InterBOX 3 is also preconfigured with the ID and thepassword (if required) described above.

The InterBOX 3 first connects to the tunnel broker 52 and sends the IDand the password (step S21). The tunnel broker 52 authenticates theInterBOX 3 and concomitantly obtains the IPv6 address prefix of theInterBOX 3 (step S22). Next the tunnel broker 52 selects from theaddress database 53 a destination InterServer 6 of a tunnel connectionto be established (step S23), and notifies the InterBOX 3 of the IPv4address of this InterServer 6 (step S24). Also the tunnel broker 52passes to the InterServer 6 the IPv4 address of the InterBOX 3 and theIPv6 prefix (part of the address of the IPv6 terminal 2) for identifyingthe IPv6 terminal (step S25). In this manner, the InterBOX 3 canidentify the InterServer 6 and establish the tunneling session (stepsS26 and S27). Further, the InterServer 6 announces other routers ofrouting of the notified IPv6 prefix. Thus all routings of IPv6 addresseswith the above prefix go through the InterSever 6.

According to such a structure, if there are multiple InterServers 6, theestablishment of the tunneling connection may be ensured through one ofthem. Incidentally, the user and terminal authentication is performedwith the tunnel broker 52 above, but this does not limit theauthentication method of the present invention. The tunneling broker 52may notify the InterBox 3 of the address of the InterServer 6 only, andthe InterServer 6 may perform the user authentication. Also at thispoint, the InterServer 6 may give an arbitrary address to the InterBox 3or the IPv6 terminal 2.

It is to be understood that the embodiment heretofore described is nomore than one embodiment of the present invention, and that variouschanges and modifications can be made, without departing from the scopeand spirit of the present invention.

For example, the tunneling connection may be established from both theInterBOX 3 and the InterServer 6 in the above one embodiment. However,the tunneling connection may be generally established only from theInterBOX 3 in actual commercial services. This is due to a rarity ofIPv4 fixed IP services. This is because routing is impossible if theIPv4 session itself is actually disconnected: in this case, theconfiguration remains intact once the tunneling (in practice IPv4connection itself) is established until the IPv4 session isdisconnected, and the next IPv4 of the InterBOX 3 is seldom the same asbefore.

Further, the above one embodiment illustrated with the first protocol asIPv6 and the second protocol as IPv4 is not intended to limit theseprotocols. The second protocol may also be IPv6. Also both the first andthe second protocols may be IPv4. Furthermore, both may be other thanthe above protocols.

In the above one embodiment, the InterBOX 3 is provided independently ofeach IPv6 terminal, but the InterBOX 3 itself may be the IPv6 terminal,or the InterBOX 3 may be configured integrally with any IPv6 terminal orevery IPv6 terminal as hardware or software. In the latter case, theremay be a plurality of the InterBOX'es in a single home network.

Having described the invention, the above examples are given toillustrate specific applications of the invention including the bestmode now known to perform the invention. These specific examples are notintended to limit the scope of the invention described in thisapplication.

1. An Internet connection system, comprising: a relay device connectedto a client device and provided in a first network, the first networkcommunicated in a first protocol; and a server connected to the relaydevice through a second network in a second protocol, wherein the relaydevice comprises: a client device global address storage section forstoring a global address of the client device in the first protocol; aserver address storage section for storing a global address of theserver in the second protocol; a first routing device for routing aconnection from the client device through the server based on the globaladdress of the server stored in the server address storage section; anda first packet processing device for capsulating/decapsulating packets,the packets being in the first protocol, using the second protocol tothereby establish a tunneling connection with the server in the firstprotocol, and wherein the server comprises: a second packet processingdevice for capsulating/decapsulating packets, the packets being in thefirst protocol, using the second protocol to thereby establish atunneling connection with the relay device; a client device globaladdress management device for managing the global address of the clientdevice in the first protocol, the client device connected to the relaydevice, in association with a global address of the relay device in thesecond protocol; and a second routing device for routing a connection tothe relay device based on the global address of the client devicemanaged by the client device global address management device.
 2. TheInternet connection system of claim 1, wherein the first and secondprotocols are different.
 3. The Internet connection system of claim 1,wherein the first and second protocols are the same.
 4. The Internetconnection system of claim 1, wherein the server further comprises amodel identification section for determining if the client device is ofa predetermined model and/or the relay device is of a predeterminedmodel.
 5. The Internet connection system of claim 4, wherein the serverfurther comprises a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifthe model identification section determines that the client device orthe relay device is not of the predetermined model.
 6. The Internetconnection system of claim 4, wherein the server further comprises acommand conversion section for converting a command to be sent to theclient device to a command in a predetermined format to control theclient device based on results from the model identification section. 7.The Internet connection system of claim 4, wherein the server furthercomprises a client device control section for controlling the clientdevice based on results from the model identification section.
 8. TheInternet connection system of claim 1, wherein the server furthercomprises a network type identification section for determining if anenvironment of the first network connected with the client device and/orthe relay device is of a predetermined type.
 9. The Internet connectionsystem of claim 8, wherein the server further comprises a communicationsession disconnection section for disconnecting communication sessionsor limiting packet transmissions if a private network environmentconnected with the client device or the relay device is determined notof the predetermined type.
 10. The Internet connection system of claim9, wherein the server further comprises a state information obtainingsection for obtaining at least one of an operation state, a usage state,and location information of the client device and/or the relay device.11. The Internet connection system of claim 10, wherein the stateinformation obtaining section obtains at least one of the operationstate, the usage state, and the location information of the clientdevice using a method according to a model of the client device.
 12. TheInternet connection system of claim 10, wherein the server furthercomprises a search section for searching for the client device or therelay device based on at least one of the global address, the operationstate, the usage state, and the location information of the clientdevice or the relay device.
 13. The Internet connection system of claim11, wherein the search section comprises a means for displaying a listof the client devices connected to each of the relay devices.
 14. TheInternet connection system of claim 13, wherein the server furthercomprises a client device control section for controlling the clientdevice, which selects a specific client device from the list to therebyactivate a control program for the specific client device.
 15. TheInternet connection system of claim 1, wherein the server furthercomprises a client device address search section for searching for theglobal address of the client device in the first protocol based on aconnection request to the client device.
 16. The Internet connectionsystem of claim 15, wherein the server further comprises a connectionrequester authentication section for authenticating a user who requesteda connection to the client device to thereby permit or deny theconnection to the client device.
 17. The Internet connection system ofclaim 1, further comprising: a tunneling connection informationmanagement device for managing information of the tunneling connectionbetween the relay device and the server, wherein the tunnelingconnection information management device sends a notification to therelay device of the global address of the server in the second protocol,and sends a notification to the server of the global address of therelay device in the second protocol and of an entirety or part of theglobal address of the client device in the first protocol.
 18. TheInternet connection system of claim 17, wherein the tunneling connectioninformation management device authenticates the relay device or theserver to obtain an authentication result and, if the authenticationresult is positive, sends the notification.
 19. The Internet connectionsystem of claim 1, wherein the server further comprises a filteringprocessing device for filtering communications to/from the client deviceaccording to predetermined rules.
 20. The Internet connection system ofclaim 19, wherein the server further comprises a filtering rule setupsection for providing an interface for editing the predetermined rules.21. The Internet connection system of claim 1, wherein the relay devicefurther comprises a model identification section for determining if theclient device is of a predetermined model.
 22. The Internet connectionsystem of claim 21, wherein the relay device further comprises acommunication session disconnection section for disconnectingcommunication sessions if the model identification section determinesthat the client device is not of the predetermined model.
 23. A relaydevice, used in an Internet connection system which comprises: the relaydevice connected to a client device and provided in a first network, thefirst network communicated in a first protocol; and a server connectedto the relay device through a second network in a second protocol,comprising: a client device global address storage section for storing aglobal address of the client device in the first protocol; a serveraddress storage section for storing a global address of the server inthe second protocol; a first routing device for routing a connectionfrom the client device through the server based on the global address ofthe server stored in the server address storage section; and a firstpacket processing device for capsulating/decapsulating packets, thepackets in the first protocol, using the second protocol to therebyestablish a tunneling connection with the server in the first protocol.24. A server, used in an Internet connection system which comprises: arelay device connected to a client device and provided in a firstnetwork, the first network communicated in a first protocol; and theserver connected to the relay device through a second network in asecond protocol, comprising: a second packet processing device forcapsulating/decapsulating packets, the packets in the first protocol,using the second protocol to thereby establish a tunneling connectionwith the relay device; a client device global address management devicefor managing a global address of the client device in the firstprotocol, the client device connected to the relay device, inassociation with a global address of the relay device in the secondprotocol; and a second routing device for routing a connection to therelay device based on the global address of the client device managed bythe client device global address management device.
 25. A server, usedin an Internet connection system which comprises: a relay deviceprovided in a first network; and the server connected to a client devicethrough the relay device and the Internet, the client device connectedto the first network, comprising: a client device address managementdevice for managing an address of the client device connected to therelay device in association with an address of the relay device; arouting device for routing a connection, the connection from theInternet to the client device, to the relay device connected to theclient device based on the address of the client device managed at theclient device address management device; a model identification sectionfor determining if the client device is of a predetermined model and/orthe relay device is of a predetermined model; and a command conversionsection for converting a command to be sent to the client device to acommand in a predetermined format to control the client device based onresults from the model identification section.
 26. The server of claim25, further comprising: a communication session disconnection sectionfor disconnecting communication sessions or limiting packettransmissions if the model identification section determines that theclient device or the relay device is not of the predetermined model. 27.The server of claim 25, wherein the client device includes a peripheraldevice which is communicable with the relay device but cannot by itselfconnect to the Internet.
 28. The server of claim 25, further comprising:a network type identification section for determining if an environmentof the first network connected with the client device and/or the relaydevice is of a predetermined type.
 29. The server of claim 28, furthercomprising: a communication session disconnection section fordisconnecting communication sessions or limiting packet transmissions ifa private network environment connected to the client device or therelay device is determined not of the predetermined type.
 30. The serverof claim 25, further comprising: a state information obtaining sectionfor obtaining at least one of an operation state, a usage state, andlocation information of the client device and/or the relay device. 31.The server of claim 30, wherein the state information obtaining sectionobtains at least one of the operation state, the usage state, and thelocation information of the client device using a method according to amodel of the client device.
 32. The server of claim 30, furthercomprising: a client device control section for controlling the clientdevice, wherein the client device control section comprises a means fordisplaying to a user at least one of the operation state, the usagestate, and the location information of the client device.
 33. The serverof claim 30, further comprising: a search section for searching for theclient device or the relay device based on at least one of the address,the operation state, the usage state, and the location information ofthe client device or the relay device.
 34. The server of claim 33,wherein the search section comprises a means for displaying a list ofthe client devices found by the search section, each with the operationstate.
 35. The server of claim 34, wherein the means displays a list ofthe client devices connected to each of the relay devices.
 36. Theserver of claim 34, further comprising: a client device control sectionfor controlling the client device, wherein the client device controlsection selects a specific client device from the list to therebyactivate a control program for the specific client device.
 37. Theserver of claim 25, wherein the relay device is provided in the clientdevice.
 38. The server of claim 25, further comprising: a second packetprocessing device for capsulating/decapsulating packets, the packetsbeing in a first protocol, using a second protocol to thereby establisha tunneling connection with the relay device; a client device globaladdress management device for managing a global address of the clientdevice in the first protocol, the client device connected to the relaydevice, in association with a global address of the relay device in thesecond protocol; and a second routing device for routing a connection tothe relay device based on the global address of the client devicemanaged by the client device global address management device.
 39. Theserver of claim 38, wherein the first and second protocols aredifferent.
 40. The server of claim 38, wherein the first and secondprotocols are the same.
 41. The server of claim 38, further comprising:a client device address search section for searching for the globaladdress of the client device in the first protocol based on a connectionrequest to the client device.
 42. The server of claim 41, furthercomprising: a connection requester authentication section forauthenticating a user who requested a connection to the client device tothereby permit or deny the connection to the client device.
 43. Theserver of claim 38, further comprising: a tunneling connectioninformation management device for managing information of the tunnelingconnection between the relay device and the server, wherein thetunneling connection information management device sends a notificationto the relay device of the global address of the server in the secondprotocol, and obtains the global address of the relay device in thesecond protocol and an entirety or part of the global address of theclient device in the first protocol.
 44. The server of claim 43, whereinthe tunneling connection information management device authenticates therelay device to obtain an authentication result, and, if theauthentication result is positive, sends the notification.
 45. Theserver of claim 38, further comprising: a filtering processing devicefor filtering communications to/from the client device according topredetermined rules.
 46. The server of claim 45, further comprising: afiltering rule setup section for providing an interface for editing thepredetermined rules.